@pristine-ts/security 0.0.373 → 0.0.375
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/cjs/managers/authentication.manager.js +14 -2
- package/dist/lib/cjs/managers/authentication.manager.js.map +1 -1
- package/dist/lib/cjs/managers/authorizer.manager.js +26 -3
- package/dist/lib/cjs/managers/authorizer.manager.js.map +1 -1
- package/dist/lib/cjs/managers/permission.manager.js +75 -6
- package/dist/lib/cjs/managers/permission.manager.js.map +1 -1
- package/dist/lib/esm/managers/authentication.manager.js +14 -2
- package/dist/lib/esm/managers/authentication.manager.js.map +1 -1
- package/dist/lib/esm/managers/authorizer.manager.js +26 -3
- package/dist/lib/esm/managers/authorizer.manager.js.map +1 -1
- package/dist/lib/esm/managers/permission.manager.js +75 -6
- package/dist/lib/esm/managers/permission.manager.js.map +1 -1
- package/dist/types/managers/authentication.manager.d.ts +3 -2
- package/dist/types/managers/authorizer.manager.d.ts +4 -2
- package/dist/types/managers/permission.manager.d.ts +1 -1
- package/package.json +4 -4
|
@@ -38,10 +38,11 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
38
38
|
* @param logHandler The log handler to output logs.
|
|
39
39
|
* @param authenticatorFactory The factory to create the authenticator.
|
|
40
40
|
*/
|
|
41
|
-
constructor(identityProviders, logHandler, authenticatorFactory) {
|
|
41
|
+
constructor(identityProviders, logHandler, authenticatorFactory, breadcrumbHandler) {
|
|
42
42
|
this.identityProviders = identityProviders;
|
|
43
43
|
this.logHandler = logHandler;
|
|
44
44
|
this.authenticatorFactory = authenticatorFactory;
|
|
45
|
+
this.breadcrumbHandler = breadcrumbHandler;
|
|
45
46
|
}
|
|
46
47
|
/**
|
|
47
48
|
* Authenticates a request by providing the identity that made the request.
|
|
@@ -51,6 +52,7 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
51
52
|
*/
|
|
52
53
|
authenticate(request, routeContext, container) {
|
|
53
54
|
return __awaiter(this, void 0, void 0, function* () {
|
|
55
|
+
this.breadcrumbHandler.add(`${security_module_keyname_1.SecurityModuleKeyname}:authentication.manager:authenticate:enter`, { request, routeContext });
|
|
54
56
|
if (!routeContext || routeContext[authenticator_decorator_1.authenticatorMetadataKeyname] === undefined) {
|
|
55
57
|
return undefined;
|
|
56
58
|
}
|
|
@@ -73,6 +75,15 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
73
75
|
this.logHandler.error("AuthenticationManager: Error authenticating the request.", { extra: { error: e } }, security_module_keyname_1.SecurityModuleKeyname);
|
|
74
76
|
throw e;
|
|
75
77
|
}
|
|
78
|
+
this.logHandler.info(`User successfully authenticated.`, {
|
|
79
|
+
highlights: {
|
|
80
|
+
identity,
|
|
81
|
+
},
|
|
82
|
+
extra: {
|
|
83
|
+
request,
|
|
84
|
+
routeContext,
|
|
85
|
+
},
|
|
86
|
+
}, `${security_module_keyname_1.SecurityModuleKeyname}:authentication.manager:authenticate:return`);
|
|
76
87
|
return identity;
|
|
77
88
|
});
|
|
78
89
|
}
|
|
@@ -84,6 +95,7 @@ exports.AuthenticationManager = AuthenticationManager = __decorate([
|
|
|
84
95
|
(0, tsyringe_1.injectable)(),
|
|
85
96
|
__param(0, (0, tsyringe_1.injectAll)(common_1.ServiceDefinitionTagEnum.IdentityProvider)),
|
|
86
97
|
__param(1, (0, tsyringe_1.inject)("LogHandlerInterface")),
|
|
87
|
-
|
|
98
|
+
__param(3, (0, tsyringe_1.inject)("BreadcrumbHandlerInterface")),
|
|
99
|
+
__metadata("design:paramtypes", [Array, Object, authenticator_factory_1.AuthenticatorFactory, Object])
|
|
88
100
|
], AuthenticationManager);
|
|
89
101
|
//# sourceMappingURL=authentication.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.manager.js","sourceRoot":"","sources":["../../../../src/managers/authentication.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAA4E;AAE5E,gDAAmG;AAInG,8EAAwE;AACxE,wEAAiE;AAGjE,mFAAmF;AAEnF;;;GAGG;AAII,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAE9B;;;;;OAKG;IACH,YAC2E,iBAA8C,EACrE,UAA+B,EAC/C,oBAA0C;
|
|
1
|
+
{"version":3,"file":"authentication.manager.js","sourceRoot":"","sources":["../../../../src/managers/authentication.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAA4E;AAE5E,gDAAmG;AAInG,8EAAwE;AACxE,wEAAiE;AAGjE,mFAAmF;AAEnF;;;GAGG;AAII,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAE9B;;;;;OAKG;IACH,YAC2E,iBAA8C,EACrE,UAA+B,EAC/C,oBAA0C,EACnB,iBAA6C;QAH7B,sBAAiB,GAAjB,iBAAiB,CAA6B;QACrE,eAAU,GAAV,UAAU,CAAqB;QAC/C,yBAAoB,GAApB,oBAAoB,CAAsB;QACnB,sBAAiB,GAAjB,iBAAiB,CAA4B;IACxG,CAAC;IAED;;;;;OAKG;IACU,YAAY,CAAC,OAAgB,EAAE,YAAiB,EAAE,SAA8B;;YACzF,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,+CAAqB,4CAA4C,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC,CAAC,CAAC;YAC1H,IAAG,CAAC,YAAY,IAAI,YAAY,CAAC,sDAA4B,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC3E,OAAO,SAAS,CAAC;YACrB,CAAC;YAED,MAAM,aAAa,GAAG,YAAY,CAAC,sDAA4B,CAAC,CAAC;YAEjE,IAAI,QAAuC,CAAC;YAE5C,MAAM,oBAAoB,GAAkC,aAAa,CAAC;YAE1E,IAAI,CAAC;gBACD,MAAM,yBAAyB,GAA2B,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;gBAEjI,MAAM,yBAAyB,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;gBAEjE,QAAQ,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEjE,IAAG,QAAQ,IAAI,SAAS,EAAE,CAAC;oBACvB,OAAO,QAAQ,CAAC;gBACpB,CAAC;gBAED,mCAAmC;gBACnC,KAAK,MAAM,gBAAgB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACpD,QAAQ,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACxD,CAAC;YAEL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,0DAA0D,EAAE,EAAC,KAAK,EAAE,EAAC,KAAK,EAAE,CAAC,EAAC,EAAC,EAAE,+CAAqB,CAAC,CAAC;gBAC9H,MAAM,CAAC,CAAC;YACZ,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACvD,UAAU,EAAE;oBACV,QAAQ;iBACT;gBACD,KAAK,EAAE;oBACL,OAAO;oBACP,YAAY;iBACb;aACF,EAAC,GAAG,+CAAqB,6CAA6C,CAAC,CAAA;YACxE,OAAO,QAAQ,CAAC;QACpB,CAAC;KAAA;CACJ,CAAA;AAjEY,sDAAqB;gCAArB,qBAAqB;IAHjC,IAAA,qBAAY,EAAC,+CAAqB,CAAC;IACnC,IAAA,YAAG,EAAC,gCAAgC,CAAC;IACrC,IAAA,qBAAU,GAAE;IAUJ,WAAA,IAAA,oBAAS,EAAC,iCAAwB,CAAC,gBAAgB,CAAC,CAAA;IACpD,WAAA,IAAA,iBAAM,EAAC,qBAAqB,CAAC,CAAA;IAE7B,WAAA,IAAA,iBAAM,EAAC,4BAA4B,CAAC,CAAA;oDADiB,4CAAoB;GAXrE,qBAAqB,CAiEjC"}
|
|
@@ -36,10 +36,12 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
36
36
|
* The authorizer manager provides authorization by authorizing the action.
|
|
37
37
|
* @param logHandler The log handler to output logs.
|
|
38
38
|
* @param guardFactory The factory to create the guard.
|
|
39
|
+
* @param breadcrumbHandler
|
|
39
40
|
*/
|
|
40
|
-
constructor(logHandler, guardFactory) {
|
|
41
|
+
constructor(logHandler, guardFactory, breadcrumbHandler) {
|
|
41
42
|
this.logHandler = logHandler;
|
|
42
43
|
this.guardFactory = guardFactory;
|
|
44
|
+
this.breadcrumbHandler = breadcrumbHandler;
|
|
43
45
|
}
|
|
44
46
|
/**
|
|
45
47
|
* Returns whether or not the request is authorized to access the route.
|
|
@@ -49,8 +51,10 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
49
51
|
* @param identity The identity making the request.
|
|
50
52
|
*/
|
|
51
53
|
isAuthorized(request, routeContext, container, identity) {
|
|
54
|
+
var _a, _b, _c;
|
|
52
55
|
return __awaiter(this, void 0, void 0, function* () {
|
|
53
56
|
// If there are no guards defined, we simply return that it is authorized.
|
|
57
|
+
this.breadcrumbHandler.add(`${security_module_keyname_1.SecurityModuleKeyname}:authorizer.manager:isAuthorized:enter`, { request, routeContext });
|
|
54
58
|
if (!routeContext || routeContext[guard_decorator_1.guardMetadataKeyname] === undefined || Array.isArray(routeContext[guard_decorator_1.guardMetadataKeyname]) === false) {
|
|
55
59
|
return true;
|
|
56
60
|
}
|
|
@@ -64,10 +68,28 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
64
68
|
isAuthorized = isAuthorized && didAuthorize;
|
|
65
69
|
}
|
|
66
70
|
catch (e) {
|
|
67
|
-
this.logHandler.error("AuthorizerManager: Error while authorizing the request.", {
|
|
71
|
+
this.logHandler.error("AuthorizerManager: Error while authorizing the request.", {
|
|
72
|
+
highlights: {
|
|
73
|
+
errorMessage: (_a = e === null || e === void 0 ? void 0 : e.message) !== null && _a !== void 0 ? _a : "Unknown error",
|
|
74
|
+
requestUrl: `${request.httpMethod} ${request.url}`,
|
|
75
|
+
identityId: (_b = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _b !== void 0 ? _b : "No Identity Id found",
|
|
76
|
+
identityClaims: (_c = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _c !== void 0 ? _c : "No claims found",
|
|
77
|
+
},
|
|
78
|
+
extra: {
|
|
79
|
+
error: e,
|
|
80
|
+
request,
|
|
81
|
+
identity,
|
|
82
|
+
}
|
|
83
|
+
}, security_module_keyname_1.SecurityModuleKeyname);
|
|
68
84
|
isAuthorized = false;
|
|
69
85
|
}
|
|
70
86
|
}
|
|
87
|
+
if (isAuthorized) {
|
|
88
|
+
this.logHandler.info(`User authorized`, { headlights: { isAuthorized }, extra: { request, routeContext } }, `${security_module_keyname_1.SecurityModuleKeyname}:authorizer.manager:isAuthorized:return`);
|
|
89
|
+
}
|
|
90
|
+
else {
|
|
91
|
+
this.logHandler.info(`User authorized`, { headlights: { isAuthorized }, extra: { request, routeContext } }, `${security_module_keyname_1.SecurityModuleKeyname}:authorizer.manager:isAuthorized:return`);
|
|
92
|
+
}
|
|
71
93
|
return isAuthorized;
|
|
72
94
|
});
|
|
73
95
|
}
|
|
@@ -78,6 +100,7 @@ exports.AuthorizerManager = AuthorizerManager = __decorate([
|
|
|
78
100
|
(0, common_1.tag)("AuthorizerManagerInterface"),
|
|
79
101
|
(0, tsyringe_1.injectable)(),
|
|
80
102
|
__param(0, (0, tsyringe_1.inject)("LogHandlerInterface")),
|
|
81
|
-
|
|
103
|
+
__param(2, (0, tsyringe_1.inject)("BreadcrumbHandlerInterface")),
|
|
104
|
+
__metadata("design:paramtypes", [Object, guard_factory_1.GuardFactory, Object])
|
|
82
105
|
], AuthorizerManager);
|
|
83
106
|
//# sourceMappingURL=authorizer.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorizer.manager.js","sourceRoot":"","sources":["../../../../src/managers/authorizer.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAiE;AAEjE,gDAAyE;AAEzE,8DAAwD;AACxD,wEAAiE;AAEjE,mEAAmE;AAEnE;;;GAGG;AAII,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE1B
|
|
1
|
+
{"version":3,"file":"authorizer.manager.js","sourceRoot":"","sources":["../../../../src/managers/authorizer.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAiE;AAEjE,gDAAyE;AAEzE,8DAAwD;AACxD,wEAAiE;AAEjE,mEAAmE;AAEnE;;;GAGG;AAII,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE1B;;;;;OAKG;IACH,YAAmE,UAA+B,EAC9D,YAA0B,EACY,iBAA6C;QAFpD,eAAU,GAAV,UAAU,CAAqB;QAC9D,iBAAY,GAAZ,YAAY,CAAc;QACY,sBAAiB,GAAjB,iBAAiB,CAA4B;IACvH,CAAC;IAED;;;;;;OAMG;IACU,YAAY,CAAC,OAAgB,EAAE,YAAiB,EAAE,SAA8B,EAAE,QAA4B;;;YACvH,0EAA0E;YAC5E,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,+CAAqB,wCAAwC,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC,CAAC,CAAC;YAEpH,IAAG,CAAC,YAAY,IAAI,YAAY,CAAC,sCAAoB,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,sCAAoB,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;gBAClI,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,MAAM,MAAM,GAAG,YAAY,CAAC,sCAAoB,CAAC,CAAC;YAElD,IAAI,YAAY,GAAG,IAAI,CAAC;YAExB,KAAK,MAAM,YAAY,IAAI,MAAM,EAAE,CAAC;gBAChC,IAAI,CAAC;oBACD,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;oBAEjF,MAAM,iBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;oBAEjD,MAAM,YAAY,GAAE,MAAM,iBAAiB,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;oBAC5E,YAAY,GAAG,YAAY,IAAI,YAAY,CAAC;gBAChD,CAAC;gBACD,OAAO,CAAM,EAAE,CAAC;oBACZ,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,yDAAyD,EAAE;wBAC7E,UAAU,EAAE;4BACR,YAAY,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,eAAe;4BAC3C,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE;4BAClD,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;yBACxD;wBACD,KAAK,EAAE;4BACH,KAAK,EAAE,CAAC;4BACR,OAAO;4BACP,QAAQ;yBACX;qBACJ,EAAE,+CAAqB,CAAC,CAAC;oBAC1B,YAAY,GAAG,KAAK,CAAC;gBACzB,CAAC;YACL,CAAC;YAED,IAAG,YAAY,EAAE,CAAC;gBAChB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAC,UAAU,EAAE,EAAC,YAAY,EAAC,EAAE,KAAK,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC,EAAC,EAAE,GAAG,+CAAqB,yCAAyC,CAAC,CAAC;YAC3K,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAC,UAAU,EAAE,EAAC,YAAY,EAAC,EAAE,KAAK,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC,EAAC,EAAE,GAAG,+CAAqB,yCAAyC,CAAC,CAAC;YAC3K,CAAC;YAED,OAAO,YAAY,CAAC;;KACvB;CACJ,CAAA;AAnEY,8CAAiB;4BAAjB,iBAAiB;IAH7B,IAAA,qBAAY,EAAC,+CAAqB,CAAC;IACnC,IAAA,YAAG,EAAC,4BAA4B,CAAC;IACjC,IAAA,qBAAU,GAAE;IASW,WAAA,IAAA,iBAAM,EAAC,qBAAqB,CAAC,CAAA;IAE7B,WAAA,IAAA,iBAAM,EAAC,4BAA4B,CAAC,CAAA;6CADN,4BAAY;GATrD,iBAAiB,CAmE7B"}
|
|
@@ -49,35 +49,93 @@ let PermissionManager = class PermissionManager {
|
|
|
49
49
|
* @param votingStrategy The voting strategy that defines how to merge the votes. Default is DenyOnUnanimousAbstention.
|
|
50
50
|
*/
|
|
51
51
|
hasAccessToResource(identity, action, resource, votingStrategy = voting_strategy_enum_1.VotingStrategyEnum.DenyOnUnanimousAbstention) {
|
|
52
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o;
|
|
52
53
|
return __awaiter(this, void 0, void 0, function* () {
|
|
53
54
|
if (this.voters.length === 0) {
|
|
54
55
|
this.logHandler.warning("PermissionManager: No voters were found, this could lead to unexpected behavior. Make sure that you have registered voters in your application.", {
|
|
56
|
+
highlights: {
|
|
57
|
+
identityId: (_a = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _a !== void 0 ? _a : "No Identity Id found",
|
|
58
|
+
identityClaims: (_b = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _b !== void 0 ? _b : "No claims found",
|
|
59
|
+
action,
|
|
60
|
+
},
|
|
55
61
|
extra: {
|
|
56
62
|
identity,
|
|
57
|
-
action,
|
|
58
63
|
resource,
|
|
64
|
+
votingStrategy,
|
|
59
65
|
}
|
|
60
66
|
}, security_module_keyname_1.SecurityModuleKeyname);
|
|
61
67
|
}
|
|
62
68
|
const votes = [];
|
|
63
69
|
for (const voter of this.voters) {
|
|
64
70
|
if (voter.supports(resource) === false) {
|
|
65
|
-
this.logHandler.debug("PermissionManager: voter does not support this resource.", {
|
|
71
|
+
this.logHandler.debug("PermissionManager: voter does not support this resource.", {
|
|
72
|
+
highlights: {
|
|
73
|
+
identityId: (_c = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _c !== void 0 ? _c : "No Identity Id found",
|
|
74
|
+
identityClaims: (_d = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _d !== void 0 ? _d : "No claims found",
|
|
75
|
+
action,
|
|
76
|
+
voter: voter.constructor.name,
|
|
77
|
+
},
|
|
78
|
+
extra: {
|
|
79
|
+
identity,
|
|
80
|
+
resource,
|
|
81
|
+
votingStrategy,
|
|
82
|
+
}
|
|
83
|
+
}, security_module_keyname_1.SecurityModuleKeyname);
|
|
66
84
|
continue;
|
|
67
85
|
}
|
|
68
86
|
try {
|
|
69
87
|
const vote = yield voter.vote(identity, action, resource);
|
|
70
88
|
const message = "PermissionManager: Voter " + voter.constructor.name + " voted: " + vote;
|
|
71
89
|
if (vote === vote_enum_1.VoteEnum.Deny) { // When it's being denied, it usually mean that something is important to be noticed.
|
|
72
|
-
this.logHandler.info(message, {
|
|
90
|
+
this.logHandler.info(message, {
|
|
91
|
+
highlights: {
|
|
92
|
+
identityId: (_e = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _e !== void 0 ? _e : "No Identity Id found",
|
|
93
|
+
identityClaims: (_f = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _f !== void 0 ? _f : "No claims found",
|
|
94
|
+
action,
|
|
95
|
+
voter: voter.constructor.name,
|
|
96
|
+
vote,
|
|
97
|
+
},
|
|
98
|
+
extra: {
|
|
99
|
+
identity,
|
|
100
|
+
resource,
|
|
101
|
+
votingStrategy,
|
|
102
|
+
}
|
|
103
|
+
}, security_module_keyname_1.SecurityModuleKeyname);
|
|
73
104
|
}
|
|
74
105
|
else {
|
|
75
|
-
this.logHandler.debug(message, {
|
|
106
|
+
this.logHandler.debug(message, {
|
|
107
|
+
highlights: {
|
|
108
|
+
identityId: (_g = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _g !== void 0 ? _g : "No Identity Id found",
|
|
109
|
+
identityClaims: (_h = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _h !== void 0 ? _h : "No claims found",
|
|
110
|
+
action,
|
|
111
|
+
voter: voter.constructor.name,
|
|
112
|
+
vote,
|
|
113
|
+
},
|
|
114
|
+
extra: {
|
|
115
|
+
identity,
|
|
116
|
+
resource,
|
|
117
|
+
votingStrategy,
|
|
118
|
+
}
|
|
119
|
+
}, security_module_keyname_1.SecurityModuleKeyname);
|
|
76
120
|
}
|
|
77
121
|
votes.push(vote);
|
|
78
122
|
}
|
|
79
123
|
catch (error) {
|
|
80
|
-
this.logHandler.error("PermissionManager: Error while voting, please check the logs for more details.", {
|
|
124
|
+
this.logHandler.error("PermissionManager: Error while voting, please check the logs for more details.", {
|
|
125
|
+
highlights: {
|
|
126
|
+
errorMessage: (_j = error.message) !== null && _j !== void 0 ? _j : "Unknown error",
|
|
127
|
+
identityId: (_k = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _k !== void 0 ? _k : "No Identity Id found",
|
|
128
|
+
identityClaims: (_l = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _l !== void 0 ? _l : "No claims found",
|
|
129
|
+
action,
|
|
130
|
+
voter: voter.constructor.name,
|
|
131
|
+
},
|
|
132
|
+
extra: {
|
|
133
|
+
error,
|
|
134
|
+
identity,
|
|
135
|
+
resource,
|
|
136
|
+
votingStrategy,
|
|
137
|
+
}
|
|
138
|
+
}, security_module_keyname_1.SecurityModuleKeyname);
|
|
81
139
|
throw error;
|
|
82
140
|
}
|
|
83
141
|
}
|
|
@@ -87,7 +145,18 @@ let PermissionManager = class PermissionManager {
|
|
|
87
145
|
shouldGrantAccess = false;
|
|
88
146
|
}
|
|
89
147
|
}
|
|
90
|
-
this.logHandler.info("PermissionManager: Access to resource " + resource.constructor.name + " was " + (shouldGrantAccess ? "GRANTED" : "DENIED"), {
|
|
148
|
+
this.logHandler.info("PermissionManager: Access to resource " + resource.constructor.name + " was " + (shouldGrantAccess ? "GRANTED" : "DENIED"), {
|
|
149
|
+
highlights: {
|
|
150
|
+
resourceName: resource.constructor.name,
|
|
151
|
+
access: shouldGrantAccess ? "GRANTED" : "DENIED",
|
|
152
|
+
identityId: (_m = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _m !== void 0 ? _m : "No Identity Id found",
|
|
153
|
+
identityClaims: (_o = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _o !== void 0 ? _o : "No claims found",
|
|
154
|
+
}, extra: {
|
|
155
|
+
identity,
|
|
156
|
+
resource,
|
|
157
|
+
votingStrategy,
|
|
158
|
+
}
|
|
159
|
+
}, security_module_keyname_1.SecurityModuleKeyname);
|
|
91
160
|
return shouldGrantAccess;
|
|
92
161
|
});
|
|
93
162
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.manager.js","sourceRoot":"","sources":["../../../../src/managers/permission.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAuD;AAEvD,wEAAiE;
|
|
1
|
+
{"version":3,"file":"permission.manager.js","sourceRoot":"","sources":["../../../../src/managers/permission.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAuD;AAEvD,wEAAiE;AACjE,kDAA4C;AAC5C,gDAAgF;AAChF,wEAAiE;AAEjE;;GAEG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE1B;;;;;OAKG;IACH,YAA+E,MAAwB,EACpC,UAA+B;QADnB,WAAM,GAAN,MAAM,CAAkB;QACpC,eAAU,GAAV,UAAU,CAAqB;IAClG,CAAC;IAED;;;;;;OAMG;IACG,mBAAmB,CAAC,QAA2B,EAAE,MAAc,EAAE,QAAgB,EAAE,iBAAqC,yCAAkB,CAAC,yBAAyB;;;YACtK,IAAG,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAC,CAAC;gBACzB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,iJAAiJ,EAAE;oBACvK,UAAU,EAAE;wBACR,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;wBAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;wBACrD,MAAM;qBACT;oBACD,KAAK,EAAE;wBACH,QAAQ;wBACR,QAAQ;wBACR,cAAc;qBACjB;iBACJ,EAAE,+CAAqB,CAAC,CAAC;YAC9B,CAAC;YAED,MAAM,KAAK,GAAe,EAAE,CAAC;YAE7B,KAAI,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC7B,IAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,KAAK,EAAE,CAAC;oBACpC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,0DAA0D,EAAE;wBAC9E,UAAU,EAAE;4BACR,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;4BACrD,MAAM;4BACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;yBAChC;wBACD,KAAK,EAAE;4BACH,QAAQ;4BACR,QAAQ;4BACR,cAAc;yBACjB;qBACJ,EAAE,+CAAqB,CAAE,CAAC;oBAC3B,SAAS;gBACb,CAAC;gBAED,IAAI,CAAC;oBACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;oBAC1D,MAAM,OAAO,GAAG,2BAA2B,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,GAAG,UAAU,GAAG,IAAI,CAAC;oBAEzF,IAAG,IAAI,KAAK,oBAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,qFAAqF;wBAC9G,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;4BAC5B,UAAU,EAAE;gCACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;gCAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;gCACrD,MAAM;gCACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;gCAC7B,IAAI;6BACL;4BACD,KAAK,EAAE;gCACL,QAAQ;gCACR,QAAQ;gCACR,cAAc;6BACf;yBACF,EAAE,+CAAqB,CAAC,CAAA;oBAC7B,CAAC;yBACK,CAAC;wBACH,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE;4BAC7B,UAAU,EAAE;gCACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;gCAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;gCACrD,MAAM;gCACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;gCAC7B,IAAI;6BACL;4BACD,KAAK,EAAE;gCACL,QAAQ;gCACR,QAAQ;gCACR,cAAc;6BACf;yBACF,EAAE,+CAAqB,CAAE,CAAC;oBAC/B,CAAC;oBAED,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACrB,CAAC;gBAAC,OAAO,KAAU,EAAE,CAAC;oBAClB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,gFAAgF,EAAE;wBACtG,UAAU,EAAE;4BACV,YAAY,EAAE,MAAA,KAAK,CAAC,OAAO,mCAAI,eAAe;4BAC9C,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;4BACrD,MAAM;4BACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;yBAC9B;wBACD,KAAK,EAAE;4BACL,KAAK;4BACL,QAAQ;4BACR,QAAQ;4BACR,cAAc;yBACf;qBACF,EAAE,+CAAqB,CAAC,CAAC;oBAC1B,MAAM,KAAK,CAAC;gBAChB,CAAC;YAEL,CAAC;YAED,IAAI,iBAAiB,GAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,IAAI,cAAc,KAAK,yCAAkB,CAAC,yBAAyB,EAAE,CAAC;gBAClE,IAAG,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,oBAAQ,CAAC,OAAO,CAAC,EAAC,CAAC;oBACvE,iBAAiB,GAAG,KAAK,CAAC;gBAC9B,CAAC;YACL,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,wCAAwC,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,OAAO,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE;gBAC9I,UAAU,EAAE;oBACR,YAAY,EAAE,QAAQ,CAAC,WAAW,CAAC,IAAI;oBACvC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;oBAChD,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;oBAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;iBACxD,EAAE,KAAK,EAAE;oBACN,QAAQ;oBACR,QAAQ;oBACR,cAAc;iBACnB;aACF,EAAE,+CAAqB,CAAC,CAAC;YAE1B,OAAO,iBAAiB,CAAC;;KAC5B;CACJ,CAAA;AAzIY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,qBAAU,GAAE;IASW,WAAA,IAAA,oBAAS,EAAC,iCAAwB,CAAC,KAAK,CAAC,CAAA;IACzC,WAAA,IAAA,iBAAM,EAAC,qBAAqB,CAAC,CAAA;;GATxC,iBAAiB,CAyI7B"}
|
|
@@ -35,10 +35,11 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
35
35
|
* @param logHandler The log handler to output logs.
|
|
36
36
|
* @param authenticatorFactory The factory to create the authenticator.
|
|
37
37
|
*/
|
|
38
|
-
constructor(identityProviders, logHandler, authenticatorFactory) {
|
|
38
|
+
constructor(identityProviders, logHandler, authenticatorFactory, breadcrumbHandler) {
|
|
39
39
|
this.identityProviders = identityProviders;
|
|
40
40
|
this.logHandler = logHandler;
|
|
41
41
|
this.authenticatorFactory = authenticatorFactory;
|
|
42
|
+
this.breadcrumbHandler = breadcrumbHandler;
|
|
42
43
|
}
|
|
43
44
|
/**
|
|
44
45
|
* Authenticates a request by providing the identity that made the request.
|
|
@@ -48,6 +49,7 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
48
49
|
*/
|
|
49
50
|
authenticate(request, routeContext, container) {
|
|
50
51
|
return __awaiter(this, void 0, void 0, function* () {
|
|
52
|
+
this.breadcrumbHandler.add(`${SecurityModuleKeyname}:authentication.manager:authenticate:enter`, { request, routeContext });
|
|
51
53
|
if (!routeContext || routeContext[authenticatorMetadataKeyname] === undefined) {
|
|
52
54
|
return undefined;
|
|
53
55
|
}
|
|
@@ -70,6 +72,15 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
70
72
|
this.logHandler.error("AuthenticationManager: Error authenticating the request.", { extra: { error: e } }, SecurityModuleKeyname);
|
|
71
73
|
throw e;
|
|
72
74
|
}
|
|
75
|
+
this.logHandler.info(`User successfully authenticated.`, {
|
|
76
|
+
highlights: {
|
|
77
|
+
identity,
|
|
78
|
+
},
|
|
79
|
+
extra: {
|
|
80
|
+
request,
|
|
81
|
+
routeContext,
|
|
82
|
+
},
|
|
83
|
+
}, `${SecurityModuleKeyname}:authentication.manager:authenticate:return`);
|
|
73
84
|
return identity;
|
|
74
85
|
});
|
|
75
86
|
}
|
|
@@ -80,7 +91,8 @@ AuthenticationManager = __decorate([
|
|
|
80
91
|
injectable(),
|
|
81
92
|
__param(0, injectAll(ServiceDefinitionTagEnum.IdentityProvider)),
|
|
82
93
|
__param(1, inject("LogHandlerInterface")),
|
|
83
|
-
|
|
94
|
+
__param(3, inject("BreadcrumbHandlerInterface")),
|
|
95
|
+
__metadata("design:paramtypes", [Array, Object, AuthenticatorFactory, Object])
|
|
84
96
|
], AuthenticationManager);
|
|
85
97
|
export { AuthenticationManager };
|
|
86
98
|
//# sourceMappingURL=authentication.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.manager.js","sourceRoot":"","sources":["../../../../src/managers/authentication.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAE5E,OAAO,EAAoB,YAAY,EAAE,wBAAwB,EAAE,GAAG,EAAC,MAAM,qBAAqB,CAAC;AAInG,OAAO,EAAC,oBAAoB,EAAC,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAC,qBAAqB,EAAC,MAAM,4BAA4B,CAAC;AAGjE,OAAO,EAAC,4BAA4B,EAAC,MAAM,uCAAuC,CAAC;AAEnF;;;GAGG;AAII,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAE9B;;;;;OAKG;IACH,YAC2E,iBAA8C,EACrE,UAA+B,EAC/C,oBAA0C;
|
|
1
|
+
{"version":3,"file":"authentication.manager.js","sourceRoot":"","sources":["../../../../src/managers/authentication.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAE5E,OAAO,EAAoB,YAAY,EAAE,wBAAwB,EAAE,GAAG,EAAC,MAAM,qBAAqB,CAAC;AAInG,OAAO,EAAC,oBAAoB,EAAC,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAC,qBAAqB,EAAC,MAAM,4BAA4B,CAAC;AAGjE,OAAO,EAAC,4BAA4B,EAAC,MAAM,uCAAuC,CAAC;AAEnF;;;GAGG;AAII,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAE9B;;;;;OAKG;IACH,YAC2E,iBAA8C,EACrE,UAA+B,EAC/C,oBAA0C,EACnB,iBAA6C;QAH7B,sBAAiB,GAAjB,iBAAiB,CAA6B;QACrE,eAAU,GAAV,UAAU,CAAqB;QAC/C,yBAAoB,GAApB,oBAAoB,CAAsB;QACnB,sBAAiB,GAAjB,iBAAiB,CAA4B;IACxG,CAAC;IAED;;;;;OAKG;IACU,YAAY,CAAC,OAAgB,EAAE,YAAiB,EAAE,SAA8B;;YACzF,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,qBAAqB,4CAA4C,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC,CAAC,CAAC;YAC1H,IAAG,CAAC,YAAY,IAAI,YAAY,CAAC,4BAA4B,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC3E,OAAO,SAAS,CAAC;YACrB,CAAC;YAED,MAAM,aAAa,GAAG,YAAY,CAAC,4BAA4B,CAAC,CAAC;YAEjE,IAAI,QAAuC,CAAC;YAE5C,MAAM,oBAAoB,GAAkC,aAAa,CAAC;YAE1E,IAAI,CAAC;gBACD,MAAM,yBAAyB,GAA2B,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;gBAEjI,MAAM,yBAAyB,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;gBAEjE,QAAQ,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEjE,IAAG,QAAQ,IAAI,SAAS,EAAE,CAAC;oBACvB,OAAO,QAAQ,CAAC;gBACpB,CAAC;gBAED,mCAAmC;gBACnC,KAAK,MAAM,gBAAgB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACpD,QAAQ,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACxD,CAAC;YAEL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,0DAA0D,EAAE,EAAC,KAAK,EAAE,EAAC,KAAK,EAAE,CAAC,EAAC,EAAC,EAAE,qBAAqB,CAAC,CAAC;gBAC9H,MAAM,CAAC,CAAC;YACZ,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACvD,UAAU,EAAE;oBACV,QAAQ;iBACT;gBACD,KAAK,EAAE;oBACL,OAAO;oBACP,YAAY;iBACb;aACF,EAAC,GAAG,qBAAqB,6CAA6C,CAAC,CAAA;YACxE,OAAO,QAAQ,CAAC;QACpB,CAAC;KAAA;CACJ,CAAA;AAjEY,qBAAqB;IAHjC,YAAY,CAAC,qBAAqB,CAAC;IACnC,GAAG,CAAC,gCAAgC,CAAC;IACrC,UAAU,EAAE;IAUJ,WAAA,SAAS,CAAC,wBAAwB,CAAC,gBAAgB,CAAC,CAAA;IACpD,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;IAE7B,WAAA,MAAM,CAAC,4BAA4B,CAAC,CAAA;oDADiB,oBAAoB;GAXrE,qBAAqB,CAiEjC"}
|
|
@@ -33,10 +33,12 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
33
33
|
* The authorizer manager provides authorization by authorizing the action.
|
|
34
34
|
* @param logHandler The log handler to output logs.
|
|
35
35
|
* @param guardFactory The factory to create the guard.
|
|
36
|
+
* @param breadcrumbHandler
|
|
36
37
|
*/
|
|
37
|
-
constructor(logHandler, guardFactory) {
|
|
38
|
+
constructor(logHandler, guardFactory, breadcrumbHandler) {
|
|
38
39
|
this.logHandler = logHandler;
|
|
39
40
|
this.guardFactory = guardFactory;
|
|
41
|
+
this.breadcrumbHandler = breadcrumbHandler;
|
|
40
42
|
}
|
|
41
43
|
/**
|
|
42
44
|
* Returns whether or not the request is authorized to access the route.
|
|
@@ -46,8 +48,10 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
46
48
|
* @param identity The identity making the request.
|
|
47
49
|
*/
|
|
48
50
|
isAuthorized(request, routeContext, container, identity) {
|
|
51
|
+
var _a, _b, _c;
|
|
49
52
|
return __awaiter(this, void 0, void 0, function* () {
|
|
50
53
|
// If there are no guards defined, we simply return that it is authorized.
|
|
54
|
+
this.breadcrumbHandler.add(`${SecurityModuleKeyname}:authorizer.manager:isAuthorized:enter`, { request, routeContext });
|
|
51
55
|
if (!routeContext || routeContext[guardMetadataKeyname] === undefined || Array.isArray(routeContext[guardMetadataKeyname]) === false) {
|
|
52
56
|
return true;
|
|
53
57
|
}
|
|
@@ -61,10 +65,28 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
61
65
|
isAuthorized = isAuthorized && didAuthorize;
|
|
62
66
|
}
|
|
63
67
|
catch (e) {
|
|
64
|
-
this.logHandler.error("AuthorizerManager: Error while authorizing the request.", {
|
|
68
|
+
this.logHandler.error("AuthorizerManager: Error while authorizing the request.", {
|
|
69
|
+
highlights: {
|
|
70
|
+
errorMessage: (_a = e === null || e === void 0 ? void 0 : e.message) !== null && _a !== void 0 ? _a : "Unknown error",
|
|
71
|
+
requestUrl: `${request.httpMethod} ${request.url}`,
|
|
72
|
+
identityId: (_b = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _b !== void 0 ? _b : "No Identity Id found",
|
|
73
|
+
identityClaims: (_c = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _c !== void 0 ? _c : "No claims found",
|
|
74
|
+
},
|
|
75
|
+
extra: {
|
|
76
|
+
error: e,
|
|
77
|
+
request,
|
|
78
|
+
identity,
|
|
79
|
+
}
|
|
80
|
+
}, SecurityModuleKeyname);
|
|
65
81
|
isAuthorized = false;
|
|
66
82
|
}
|
|
67
83
|
}
|
|
84
|
+
if (isAuthorized) {
|
|
85
|
+
this.logHandler.info(`User authorized`, { headlights: { isAuthorized }, extra: { request, routeContext } }, `${SecurityModuleKeyname}:authorizer.manager:isAuthorized:return`);
|
|
86
|
+
}
|
|
87
|
+
else {
|
|
88
|
+
this.logHandler.info(`User authorized`, { headlights: { isAuthorized }, extra: { request, routeContext } }, `${SecurityModuleKeyname}:authorizer.manager:isAuthorized:return`);
|
|
89
|
+
}
|
|
68
90
|
return isAuthorized;
|
|
69
91
|
});
|
|
70
92
|
}
|
|
@@ -74,7 +96,8 @@ AuthorizerManager = __decorate([
|
|
|
74
96
|
tag("AuthorizerManagerInterface"),
|
|
75
97
|
injectable(),
|
|
76
98
|
__param(0, inject("LogHandlerInterface")),
|
|
77
|
-
|
|
99
|
+
__param(2, inject("BreadcrumbHandlerInterface")),
|
|
100
|
+
__metadata("design:paramtypes", [Object, GuardFactory, Object])
|
|
78
101
|
], AuthorizerManager);
|
|
79
102
|
export { AuthorizerManager };
|
|
80
103
|
//# sourceMappingURL=authorizer.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorizer.manager.js","sourceRoot":"","sources":["../../../../src/managers/authorizer.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAC,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAoB,YAAY,EAAE,GAAG,EAAC,MAAM,qBAAqB,CAAC;AAEzE,OAAO,EAAC,YAAY,EAAC,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAC,qBAAqB,EAAC,MAAM,4BAA4B,CAAC;AAEjE,OAAO,EAAC,oBAAoB,EAAC,MAAM,+BAA+B,CAAC;AAEnE;;;GAGG;AAII,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE1B
|
|
1
|
+
{"version":3,"file":"authorizer.manager.js","sourceRoot":"","sources":["../../../../src/managers/authorizer.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAC,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAoB,YAAY,EAAE,GAAG,EAAC,MAAM,qBAAqB,CAAC;AAEzE,OAAO,EAAC,YAAY,EAAC,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAC,qBAAqB,EAAC,MAAM,4BAA4B,CAAC;AAEjE,OAAO,EAAC,oBAAoB,EAAC,MAAM,+BAA+B,CAAC;AAEnE;;;GAGG;AAII,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE1B;;;;;OAKG;IACH,YAAmE,UAA+B,EAC9D,YAA0B,EACY,iBAA6C;QAFpD,eAAU,GAAV,UAAU,CAAqB;QAC9D,iBAAY,GAAZ,YAAY,CAAc;QACY,sBAAiB,GAAjB,iBAAiB,CAA4B;IACvH,CAAC;IAED;;;;;;OAMG;IACU,YAAY,CAAC,OAAgB,EAAE,YAAiB,EAAE,SAA8B,EAAE,QAA4B;;;YACvH,0EAA0E;YAC5E,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,qBAAqB,wCAAwC,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC,CAAC,CAAC;YAEpH,IAAG,CAAC,YAAY,IAAI,YAAY,CAAC,oBAAoB,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;gBAClI,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,MAAM,MAAM,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;YAElD,IAAI,YAAY,GAAG,IAAI,CAAC;YAExB,KAAK,MAAM,YAAY,IAAI,MAAM,EAAE,CAAC;gBAChC,IAAI,CAAC;oBACD,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;oBAEjF,MAAM,iBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;oBAEjD,MAAM,YAAY,GAAE,MAAM,iBAAiB,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;oBAC5E,YAAY,GAAG,YAAY,IAAI,YAAY,CAAC;gBAChD,CAAC;gBACD,OAAO,CAAM,EAAE,CAAC;oBACZ,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,yDAAyD,EAAE;wBAC7E,UAAU,EAAE;4BACR,YAAY,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,eAAe;4BAC3C,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE;4BAClD,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;yBACxD;wBACD,KAAK,EAAE;4BACH,KAAK,EAAE,CAAC;4BACR,OAAO;4BACP,QAAQ;yBACX;qBACJ,EAAE,qBAAqB,CAAC,CAAC;oBAC1B,YAAY,GAAG,KAAK,CAAC;gBACzB,CAAC;YACL,CAAC;YAED,IAAG,YAAY,EAAE,CAAC;gBAChB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAC,UAAU,EAAE,EAAC,YAAY,EAAC,EAAE,KAAK,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC,EAAC,EAAE,GAAG,qBAAqB,yCAAyC,CAAC,CAAC;YAC3K,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAC,UAAU,EAAE,EAAC,YAAY,EAAC,EAAE,KAAK,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC,EAAC,EAAE,GAAG,qBAAqB,yCAAyC,CAAC,CAAC;YAC3K,CAAC;YAED,OAAO,YAAY,CAAC;;KACvB;CACJ,CAAA;AAnEY,iBAAiB;IAH7B,YAAY,CAAC,qBAAqB,CAAC;IACnC,GAAG,CAAC,4BAA4B,CAAC;IACjC,UAAU,EAAE;IASW,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;IAE7B,WAAA,MAAM,CAAC,4BAA4B,CAAC,CAAA;6CADN,YAAY;GATrD,iBAAiB,CAmE7B"}
|
|
@@ -46,35 +46,93 @@ let PermissionManager = class PermissionManager {
|
|
|
46
46
|
* @param votingStrategy The voting strategy that defines how to merge the votes. Default is DenyOnUnanimousAbstention.
|
|
47
47
|
*/
|
|
48
48
|
hasAccessToResource(identity, action, resource, votingStrategy = VotingStrategyEnum.DenyOnUnanimousAbstention) {
|
|
49
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o;
|
|
49
50
|
return __awaiter(this, void 0, void 0, function* () {
|
|
50
51
|
if (this.voters.length === 0) {
|
|
51
52
|
this.logHandler.warning("PermissionManager: No voters were found, this could lead to unexpected behavior. Make sure that you have registered voters in your application.", {
|
|
53
|
+
highlights: {
|
|
54
|
+
identityId: (_a = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _a !== void 0 ? _a : "No Identity Id found",
|
|
55
|
+
identityClaims: (_b = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _b !== void 0 ? _b : "No claims found",
|
|
56
|
+
action,
|
|
57
|
+
},
|
|
52
58
|
extra: {
|
|
53
59
|
identity,
|
|
54
|
-
action,
|
|
55
60
|
resource,
|
|
61
|
+
votingStrategy,
|
|
56
62
|
}
|
|
57
63
|
}, SecurityModuleKeyname);
|
|
58
64
|
}
|
|
59
65
|
const votes = [];
|
|
60
66
|
for (const voter of this.voters) {
|
|
61
67
|
if (voter.supports(resource) === false) {
|
|
62
|
-
this.logHandler.debug("PermissionManager: voter does not support this resource.", {
|
|
68
|
+
this.logHandler.debug("PermissionManager: voter does not support this resource.", {
|
|
69
|
+
highlights: {
|
|
70
|
+
identityId: (_c = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _c !== void 0 ? _c : "No Identity Id found",
|
|
71
|
+
identityClaims: (_d = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _d !== void 0 ? _d : "No claims found",
|
|
72
|
+
action,
|
|
73
|
+
voter: voter.constructor.name,
|
|
74
|
+
},
|
|
75
|
+
extra: {
|
|
76
|
+
identity,
|
|
77
|
+
resource,
|
|
78
|
+
votingStrategy,
|
|
79
|
+
}
|
|
80
|
+
}, SecurityModuleKeyname);
|
|
63
81
|
continue;
|
|
64
82
|
}
|
|
65
83
|
try {
|
|
66
84
|
const vote = yield voter.vote(identity, action, resource);
|
|
67
85
|
const message = "PermissionManager: Voter " + voter.constructor.name + " voted: " + vote;
|
|
68
86
|
if (vote === VoteEnum.Deny) { // When it's being denied, it usually mean that something is important to be noticed.
|
|
69
|
-
this.logHandler.info(message, {
|
|
87
|
+
this.logHandler.info(message, {
|
|
88
|
+
highlights: {
|
|
89
|
+
identityId: (_e = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _e !== void 0 ? _e : "No Identity Id found",
|
|
90
|
+
identityClaims: (_f = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _f !== void 0 ? _f : "No claims found",
|
|
91
|
+
action,
|
|
92
|
+
voter: voter.constructor.name,
|
|
93
|
+
vote,
|
|
94
|
+
},
|
|
95
|
+
extra: {
|
|
96
|
+
identity,
|
|
97
|
+
resource,
|
|
98
|
+
votingStrategy,
|
|
99
|
+
}
|
|
100
|
+
}, SecurityModuleKeyname);
|
|
70
101
|
}
|
|
71
102
|
else {
|
|
72
|
-
this.logHandler.debug(message, {
|
|
103
|
+
this.logHandler.debug(message, {
|
|
104
|
+
highlights: {
|
|
105
|
+
identityId: (_g = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _g !== void 0 ? _g : "No Identity Id found",
|
|
106
|
+
identityClaims: (_h = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _h !== void 0 ? _h : "No claims found",
|
|
107
|
+
action,
|
|
108
|
+
voter: voter.constructor.name,
|
|
109
|
+
vote,
|
|
110
|
+
},
|
|
111
|
+
extra: {
|
|
112
|
+
identity,
|
|
113
|
+
resource,
|
|
114
|
+
votingStrategy,
|
|
115
|
+
}
|
|
116
|
+
}, SecurityModuleKeyname);
|
|
73
117
|
}
|
|
74
118
|
votes.push(vote);
|
|
75
119
|
}
|
|
76
120
|
catch (error) {
|
|
77
|
-
this.logHandler.error("PermissionManager: Error while voting, please check the logs for more details.", {
|
|
121
|
+
this.logHandler.error("PermissionManager: Error while voting, please check the logs for more details.", {
|
|
122
|
+
highlights: {
|
|
123
|
+
errorMessage: (_j = error.message) !== null && _j !== void 0 ? _j : "Unknown error",
|
|
124
|
+
identityId: (_k = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _k !== void 0 ? _k : "No Identity Id found",
|
|
125
|
+
identityClaims: (_l = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _l !== void 0 ? _l : "No claims found",
|
|
126
|
+
action,
|
|
127
|
+
voter: voter.constructor.name,
|
|
128
|
+
},
|
|
129
|
+
extra: {
|
|
130
|
+
error,
|
|
131
|
+
identity,
|
|
132
|
+
resource,
|
|
133
|
+
votingStrategy,
|
|
134
|
+
}
|
|
135
|
+
}, SecurityModuleKeyname);
|
|
78
136
|
throw error;
|
|
79
137
|
}
|
|
80
138
|
}
|
|
@@ -84,7 +142,18 @@ let PermissionManager = class PermissionManager {
|
|
|
84
142
|
shouldGrantAccess = false;
|
|
85
143
|
}
|
|
86
144
|
}
|
|
87
|
-
this.logHandler.info("PermissionManager: Access to resource " + resource.constructor.name + " was " + (shouldGrantAccess ? "GRANTED" : "DENIED"), {
|
|
145
|
+
this.logHandler.info("PermissionManager: Access to resource " + resource.constructor.name + " was " + (shouldGrantAccess ? "GRANTED" : "DENIED"), {
|
|
146
|
+
highlights: {
|
|
147
|
+
resourceName: resource.constructor.name,
|
|
148
|
+
access: shouldGrantAccess ? "GRANTED" : "DENIED",
|
|
149
|
+
identityId: (_m = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _m !== void 0 ? _m : "No Identity Id found",
|
|
150
|
+
identityClaims: (_o = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _o !== void 0 ? _o : "No claims found",
|
|
151
|
+
}, extra: {
|
|
152
|
+
identity,
|
|
153
|
+
resource,
|
|
154
|
+
votingStrategy,
|
|
155
|
+
}
|
|
156
|
+
}, SecurityModuleKeyname);
|
|
88
157
|
return shouldGrantAccess;
|
|
89
158
|
});
|
|
90
159
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.manager.js","sourceRoot":"","sources":["../../../../src/managers/permission.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAEvD,OAAO,EAAC,kBAAkB,EAAC,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"permission.manager.js","sourceRoot":"","sources":["../../../../src/managers/permission.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAEvD,OAAO,EAAC,kBAAkB,EAAC,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAC,QAAQ,EAAC,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAoB,wBAAwB,EAAC,MAAM,qBAAqB,CAAC;AAChF,OAAO,EAAC,qBAAqB,EAAC,MAAM,4BAA4B,CAAC;AAEjE;;GAEG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE1B;;;;;OAKG;IACH,YAA+E,MAAwB,EACpC,UAA+B;QADnB,WAAM,GAAN,MAAM,CAAkB;QACpC,eAAU,GAAV,UAAU,CAAqB;IAClG,CAAC;IAED;;;;;;OAMG;IACG,mBAAmB,CAAC,QAA2B,EAAE,MAAc,EAAE,QAAgB,EAAE,iBAAqC,kBAAkB,CAAC,yBAAyB;;;YACtK,IAAG,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAC,CAAC;gBACzB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,iJAAiJ,EAAE;oBACvK,UAAU,EAAE;wBACR,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;wBAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;wBACrD,MAAM;qBACT;oBACD,KAAK,EAAE;wBACH,QAAQ;wBACR,QAAQ;wBACR,cAAc;qBACjB;iBACJ,EAAE,qBAAqB,CAAC,CAAC;YAC9B,CAAC;YAED,MAAM,KAAK,GAAe,EAAE,CAAC;YAE7B,KAAI,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC7B,IAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,KAAK,EAAE,CAAC;oBACpC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,0DAA0D,EAAE;wBAC9E,UAAU,EAAE;4BACR,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;4BACrD,MAAM;4BACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;yBAChC;wBACD,KAAK,EAAE;4BACH,QAAQ;4BACR,QAAQ;4BACR,cAAc;yBACjB;qBACJ,EAAE,qBAAqB,CAAE,CAAC;oBAC3B,SAAS;gBACb,CAAC;gBAED,IAAI,CAAC;oBACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;oBAC1D,MAAM,OAAO,GAAG,2BAA2B,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,GAAG,UAAU,GAAG,IAAI,CAAC;oBAEzF,IAAG,IAAI,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,qFAAqF;wBAC9G,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;4BAC5B,UAAU,EAAE;gCACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;gCAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;gCACrD,MAAM;gCACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;gCAC7B,IAAI;6BACL;4BACD,KAAK,EAAE;gCACL,QAAQ;gCACR,QAAQ;gCACR,cAAc;6BACf;yBACF,EAAE,qBAAqB,CAAC,CAAA;oBAC7B,CAAC;yBACK,CAAC;wBACH,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE;4BAC7B,UAAU,EAAE;gCACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;gCAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;gCACrD,MAAM;gCACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;gCAC7B,IAAI;6BACL;4BACD,KAAK,EAAE;gCACL,QAAQ;gCACR,QAAQ;gCACR,cAAc;6BACf;yBACF,EAAE,qBAAqB,CAAE,CAAC;oBAC/B,CAAC;oBAED,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACrB,CAAC;gBAAC,OAAO,KAAU,EAAE,CAAC;oBAClB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,gFAAgF,EAAE;wBACtG,UAAU,EAAE;4BACV,YAAY,EAAE,MAAA,KAAK,CAAC,OAAO,mCAAI,eAAe;4BAC9C,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;4BACrD,MAAM;4BACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;yBAC9B;wBACD,KAAK,EAAE;4BACL,KAAK;4BACL,QAAQ;4BACR,QAAQ;4BACR,cAAc;yBACf;qBACF,EAAE,qBAAqB,CAAC,CAAC;oBAC1B,MAAM,KAAK,CAAC;gBAChB,CAAC;YAEL,CAAC;YAED,IAAI,iBAAiB,GAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,IAAI,cAAc,KAAK,kBAAkB,CAAC,yBAAyB,EAAE,CAAC;gBAClE,IAAG,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,OAAO,CAAC,EAAC,CAAC;oBACvE,iBAAiB,GAAG,KAAK,CAAC;gBAC9B,CAAC;YACL,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,wCAAwC,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,OAAO,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE;gBAC9I,UAAU,EAAE;oBACR,YAAY,EAAE,QAAQ,CAAC,WAAW,CAAC,IAAI;oBACvC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;oBAChD,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;oBAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;iBACxD,EAAE,KAAK,EAAE;oBACN,QAAQ;oBACR,QAAQ;oBACR,cAAc;iBACnB;aACF,EAAE,qBAAqB,CAAC,CAAC;YAE1B,OAAO,iBAAiB,CAAC;;KAC5B;CACJ,CAAA;AAzIY,iBAAiB;IAD7B,UAAU,EAAE;IASW,WAAA,SAAS,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAA;IACzC,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;;GATxC,iBAAiB,CAyI7B"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { DependencyContainer } from "tsyringe";
|
|
2
2
|
import { AuthenticationManagerInterface } from "../interfaces/authentication-manager.interface";
|
|
3
3
|
import { IdentityInterface } from "@pristine-ts/common";
|
|
4
|
-
import { LogHandlerInterface } from "@pristine-ts/logging";
|
|
4
|
+
import { BreadcrumbHandlerInterface, LogHandlerInterface } from "@pristine-ts/logging";
|
|
5
5
|
import { AuthenticatorFactory } from "../factories/authenticator.factory";
|
|
6
6
|
import { IdentityProviderInterface } from "../interfaces/identity-provider.interface";
|
|
7
7
|
import { Request } from "@pristine-ts/common";
|
|
@@ -13,13 +13,14 @@ export declare class AuthenticationManager implements AuthenticationManagerInter
|
|
|
13
13
|
private readonly identityProviders;
|
|
14
14
|
private readonly logHandler;
|
|
15
15
|
private readonly authenticatorFactory;
|
|
16
|
+
private readonly breadcrumbHandler;
|
|
16
17
|
/**
|
|
17
18
|
* The authentication manager provides authentication by returning the identity executing the action.
|
|
18
19
|
* @param identityProviders The identity providers to use to provide the identity. All services tagged with ServiceDefinitionTagEnum.IdentityProvider will be injected here.
|
|
19
20
|
* @param logHandler The log handler to output logs.
|
|
20
21
|
* @param authenticatorFactory The factory to create the authenticator.
|
|
21
22
|
*/
|
|
22
|
-
constructor(identityProviders: IdentityProviderInterface[], logHandler: LogHandlerInterface, authenticatorFactory: AuthenticatorFactory);
|
|
23
|
+
constructor(identityProviders: IdentityProviderInterface[], logHandler: LogHandlerInterface, authenticatorFactory: AuthenticatorFactory, breadcrumbHandler: BreadcrumbHandlerInterface);
|
|
23
24
|
/**
|
|
24
25
|
* Authenticates a request by providing the identity that made the request.
|
|
25
26
|
* @param request The request to authenticate
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { DependencyContainer } from "tsyringe";
|
|
2
|
-
import { LogHandlerInterface } from "@pristine-ts/logging";
|
|
2
|
+
import { BreadcrumbHandlerInterface, LogHandlerInterface } from "@pristine-ts/logging";
|
|
3
3
|
import { IdentityInterface } from "@pristine-ts/common";
|
|
4
4
|
import { AuthorizerManagerInterface } from "../interfaces/authorizer-manager.interface";
|
|
5
5
|
import { GuardFactory } from "../factories/guard.factory";
|
|
@@ -11,12 +11,14 @@ import { Request } from "@pristine-ts/common";
|
|
|
11
11
|
export declare class AuthorizerManager implements AuthorizerManagerInterface {
|
|
12
12
|
private readonly logHandler;
|
|
13
13
|
private readonly guardFactory;
|
|
14
|
+
private readonly breadcrumbHandler;
|
|
14
15
|
/**
|
|
15
16
|
* The authorizer manager provides authorization by authorizing the action.
|
|
16
17
|
* @param logHandler The log handler to output logs.
|
|
17
18
|
* @param guardFactory The factory to create the guard.
|
|
19
|
+
* @param breadcrumbHandler
|
|
18
20
|
*/
|
|
19
|
-
constructor(logHandler: LogHandlerInterface, guardFactory: GuardFactory);
|
|
21
|
+
constructor(logHandler: LogHandlerInterface, guardFactory: GuardFactory, breadcrumbHandler: BreadcrumbHandlerInterface);
|
|
20
22
|
/**
|
|
21
23
|
* Returns whether or not the request is authorized to access the route.
|
|
22
24
|
* @param request The request to authorize.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { VoterInterface } from "../interfaces/voter.interface";
|
|
2
2
|
import { VotingStrategyEnum } from "../enums/voting-strategy.enum";
|
|
3
|
-
import { LogHandlerInterface } from "@pristine-ts/logging";
|
|
4
3
|
import { IdentityInterface } from "@pristine-ts/common";
|
|
4
|
+
import { LogHandlerInterface } from "@pristine-ts/logging";
|
|
5
5
|
/**
|
|
6
6
|
* The permission manager verifies if the correct permission are there to access and take an action on a resource.
|
|
7
7
|
*/
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pristine-ts/security",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.375",
|
|
4
4
|
"description": "",
|
|
5
5
|
"module": "dist/lib/esm/security.module.js",
|
|
6
6
|
"main": "dist/lib/cjs/security.module.js",
|
|
@@ -20,8 +20,8 @@
|
|
|
20
20
|
"access": "public"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@pristine-ts/common": "^0.0.
|
|
24
|
-
"@pristine-ts/logging": "^0.0.
|
|
23
|
+
"@pristine-ts/common": "^0.0.375",
|
|
24
|
+
"@pristine-ts/logging": "^0.0.375"
|
|
25
25
|
},
|
|
26
26
|
"devDependencies": {
|
|
27
27
|
"@types/jsonwebtoken": "^8.5.1"
|
|
@@ -60,5 +60,5 @@
|
|
|
60
60
|
"src/*.{js,ts}"
|
|
61
61
|
]
|
|
62
62
|
},
|
|
63
|
-
"gitHead": "
|
|
63
|
+
"gitHead": "f6fbdbef7cb209b37981a83bee66fdbd418af2be"
|
|
64
64
|
}
|